On Thu, Mar 05, 2009 at 07:04:33PM +0100, Rob Meijer wrote:
> AppArmor provides the facilities for this taking away much ambient
> authority (for the filesystem). The iptables owner match provides the
> facilities for taking away ambient authority for networking.
Unfortunately, the iptables owner match would be a classic
example of an ambient authority ACL.
That said, I'd be interested in knowing if AppArmor could
*without invading the whole system* be made to "sandbox" a given
process in a plash-like way (like starting Netscape^WFirefox
with only read-only rights to their libs, a space for temp
files, rights to execute system programs with read-write rights
only in the temp space...). That would eliminate a whole class of
problems right there.
--
Lorens
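An added example, not from this thread and not an AppArmor project profile, of the confinement Lorens describes: a hypothetical browser at /opt/example/browser (assumed path) gets read-only libraries, one writable scratch space, and system programs it runs inherit the same restrictions via ix.

```apparmor
# Added example profile (assumed paths; not part of the original thread).
#include <tunables/global>

/opt/example/browser {
  #include <abstractions/base>

  # Read-only (and mmap-executable) access to the program and its libs.
  /opt/example/browser              mr,
  /opt/example/lib/**               mr,
  /usr/lib/**                       mr,
  /lib/**                           mr,
  /etc/ld.so.cache                  r,

  # Read-only configuration the browser needs.
  /etc/fonts/**                     r,
  owner @{HOME}/.config/example/**  r,

  # The only writable space: a per-user scratch area. No other write
  # rule exists, so every other path is denied by default.
  owner @{HOME}/.cache/example/     rw,
  owner @{HOME}/.cache/example/**   rw,
  owner /tmp/example/               rw,
  owner /tmp/example/**             rw,

  # System helper programs run under this same profile (ix), so they
  # keep the read-only view and may only write into the scratch space.
  /usr/bin/*                        ix,
  /bin/*                            ix,

  # Networking is not ambient either: only TCP sockets are granted.
  network inet stream,
}
```

Load it with apparmor_parser and start the browser; anything outside the listed paths shows up as a DENIED entry in the audit log rather than succeeding.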